Securing Your Valuable Responses
We understand that your RFP responses contain
potentially sensitive information. We take this very
seriously and have implemented the following to ensure the
security and integrity of your data:
- Data access only through backend application services - no direct DB access
- Customer data separated logically with hidden org id
- SSL Security certificate for HTTPS web access
- Dedicated DB available (at additional cost)
- IP restriction option
- Granular user access
- User accounts locked after 5 failed login attempts
- User and Entry audit trail logging
- Configurable user session timeout
Set Granular User Permissions
Users can be created with any combination of the following
permissions.
- Read RFP entries (includes List & Search)
- Author RFP entries
- Edit RFP entries
- Assign Drafts
- Approve RFP entries (includes Reject)
- Define entry grouping/categorization
- Edit users (includes Delete & Clone)
- Edit self
- Export
- Edit account settings
- Brand user interface
- Trusted User

Typically, users will be created along these models:
- Basic user - A basic user may have
no permissions other than Read and Edit Self.
This is sufficient for users who are consumers of the compiled
information and do not need to (or are not trusted to) edit or
create the RFP response entries.
- Author/Approver - Users who will be
responsible for ensuring the quality of the RFP response entries
will need Read, Author, Edit, Approve,
and Edit Self rights. This set of
permissions allows full control over the RFP entries, but not over
organizational settings.
- Acct Admin - An account administrator
needs access to Grouping setup, Edit Users, Edit
Self, Brand Interface, and Edit Acct Settings.
- Super User - In some organizations, the
Super User is granted every level of access.
- Partner User - Create user accounts for
partners, but restrict them to content cleared for
"outsider" eyes.
Dedicated Database for Your Data
Our customers' RFP data is
logically separated from other customers' data by an encrypted
organization id. This id is established when a user
logs on and is used for all subsequent data access. The
org id is never exposed through the web interface,
keeping it secure.
All data access is performed using a dedicated DB
access layer within the application. The org id and a
valid session id are required for all data access. Data
cannot be accessed otherwise.
Client-dedicated databases are available upon
request (additional fees apply) to further separate
customer data. Organizations with very large
amounts of data or who are extra sensitive to
security concerns may find this option very
attractive.
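
The org-id scoping described above can be sketched as follows. This is an added example, not RFPMonkey.com's code: the `EntryStore` class, the table layout and the in-memory session map are assumptions, and authentication at logon is omitted.

```python
import secrets
import sqlite3

class SessionError(Exception):
    """Raised when a session id is missing, unknown, or logged out."""

class EntryStore:
    """Hypothetical data access layer: the only code path that touches the DB."""

    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute(
            "CREATE TABLE entries ("
            "id INTEGER PRIMARY KEY, org_id TEXT NOT NULL, body TEXT NOT NULL)"
        )
        self._sessions = {}  # session id -> org id, held server-side only

    def log_on(self, org_id):
        """Bind the org id to a fresh random session id at logon."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = org_id
        return sid  # the client receives the session id, never the org id

    def log_out(self, sid):
        self._sessions.pop(sid, None)

    def _org_for(self, sid):
        try:
            return self._sessions[sid]
        except KeyError:
            raise SessionError("invalid session") from None

    def add_entry(self, sid, body):
        org_id = self._org_for(sid)
        cur = self._db.execute(
            "INSERT INTO entries (org_id, body) VALUES (?, ?)",
            (org_id, body),
        )
        self._db.commit()
        return cur.lastrowid

    def get_entry(self, sid, entry_id):
        """Return the body, or None if the entry is not in the caller's org."""
        org_id = self._org_for(sid)
        row = self._db.execute(
            "SELECT body FROM entries WHERE id = ? AND org_id = ?",
            (entry_id, org_id),
        ).fetchone()
        return row[0] if row else None
```

Because callers pass only a session id and an entry id, a request for another organization's entry ID returns nothing rather than the row, and a logged-out session is rejected before any query runs.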

For Your Eyes Only
- Approval workflow ensures that no one sees
your RFP responses until they have been thoroughly
reviewed and meet your standards.
- Draft responses can be kept private to the
author. This allows users with Author
permission to maintain public and private
entries. Only the author of a draft entry can
read, edit, or export it.
- "Trusted Only" content can be
accessed only by users who are marked as
Trusted. Others (including partner employees,
probationary employees, or resellers) can only see
those entries approved for external
consumption.
Detailed Audit Trails
Entry Audit Trail - If enabled,
RFPMonkey.com tracks each time an RFP entry is added, edited,
assigned, approved, rejected, graded, or deleted. Each
audit trail record includes the date, time, action, entry ID,
and associated user ID and username.
User Audit Trail - Logging of user activity can
be set to various levels. The minimum logging level tracks
Log In and Log Out events. The maximum level tracks these,
plus changes to the organization, users, preferences, RFP
entries, branding, and export functions.